So you have finished your website and uploaded all files to your hosting server’s public directory . By default Appache serves the “index.html or index.php ” file if no file is defined in the url . Pointing your browser to ” http://yourdomain.com” will return the index-file (usually the home page ) . If no index.[html | php] is available , the the server will list all files and directories on the root directory . A hacker could map the directory structure of your website by simply display the source code ( html-code) of a website and then try to display the content of plain text files (txt , js , ini , xml … ) .

Providing access to the content of all plain text files on our server to the public is a HUGE security risk , so we have to restrict access to these files . A developer could of course create empty index.[html | php ] files into each directory and prevent directory-listing , but a simpler method is to define a directive into ” .htaccess” file .

The first directive ( Options -Indexes ) restricts directory listing while the second directive restricts access to all files that have these specific extension ( sqlite , xml , ini , txt , csv , js ). Be very carefull what restrictions you define , for example , including the “js” in the list may impact the functionality of some JQuery plugins . After each change into the .thaccess file do an extensive test ……